LDAP Authentication

Toby Burress

This document is intended as a guide for the configuration
of an LDAP server (principally an
OpenLDAP server) for authentication
on FreeBSD. This is useful for situations where many servers
need the same user accounts, for example as a replacement for
NIS.

1. Preface

This document is intended to give the reader enough of an
understanding of LDAP to configure an LDAP server. It also
attempts to explain how
net/nss_ldap and
security/pam_ldap are used by services on
client machines that work with the LDAP server.

When finished, the reader should be able to configure and
deploy a FreeBSD server that can host an LDAP directory, and to
configure and deploy a FreeBSD server which can authenticate
against an LDAP directory.

This article is not intended to be an exhaustive account of
the security, robustness, or best practice considerations for
configuring LDAP or the other services discussed herein. While
the author takes care to do everything correctly, they do not
address security issues beyond a general scope. This article
should be considered to lay the theoretical groundwork only, and
any actual implementation should be accompanied by careful
requirement analysis.